Late last year, a federal magistrate judge in New York has granted prosecutors a search warrant in a drug case that would force Microsoft to hand over to the feds a customer’s email stored in their Dublin data center.
Microsoft is contesting the decision, arguing that if that part of the order is allowed to stand, the warrant would “would violate international law and treaties, and reduce the privacy protection of everyone on the planet.”
Microsoft maintains that "the Government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft's Dublin facility. Likewise, the Government cannot conscript Microsoft to do what it has no authority itself to do - i.e. execute a warranted search abroad."
They claim that if the initial court decision is confirmed, it will negatively impact on Microsoft's business and the competitiveness of US cloud providers, as it will erode the trust of foreign governments and companies.
On Tuesday, Verizon has filed an amicus brief supporting Microsoft's view of things, and the EFF is planning to do the same.
Verizon says that if the ruling is not overturned, it “could cost U.S. businesses billions of dollars in lost revenue, undermine international agreements and understandings, and prompt foreign governments to retaliate by forcing foreign affiliates of American companies to turn over the content of customer data stored in the United States.”
Arguing for the government's side, Preet Bharara, United States attorney for the Southern District of New York, says that Microsoft is wrong in equaling physical and digital search warrants, and that simply saying that the wanted data is stored abroad should not enable the company to avoid complying with the court order.
He pointed out that this type of search warrant is the "functional equivalent of a subpoena or other investigative demand served on a service provider, which compels the provider to review its stored records and produce relevant material, without regard to where it is stored."
He also says that Microsoft does not check whether the location information provided by users is correct.
"A person planning or committing crimes in or affecting the US could easily reduce the risk of detection by providing false information about his place of residence, causing Microsoft to store responsive records outside the US and beyond law enforcement's ability to obtain the records in a timely manner, if at all," he noted. "Such a restriction would have a devastating impact on the Government's ability to conduct criminal investigations."
Privacy-minded users and advocates are following the case closely, as it could decide the future of privacy laws around the globe. Oral arguments before the judge are scheduled for July 31, and if's still difficult to say when a decision will be made (and whether the losing side will appeal).
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.